Fix XSS vulnerabilities
[sql-web.git] / lib / proc.lib.php
index 865d49805ed95cb059a75f9911015cb1d4e6f4ee..2a07094d49ca807f2ae7d35736244611a1c93b75 100644 (file)
@@ -27,7 +27,7 @@ class proc {
                                $err1[] = 'Database already exists.';
                        }
                } else {
-                       $msg1[] = 'Database `'.$dbname.'` created.';
+                       $msg1[] = 'Database `'.htmlentities($dbname).'` created.';
                }
                $i_newdb = $dbname;
                return array($msg1, $err1);
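Review bot: The `htmlentities($dbname)` call on the "created" line relies on PHP's version-dependent defaults for flags and charset, so the escaping this fix provides is not pinned down in the code. Before PHP 5.4 the default charset is ISO-8859-1, and before PHP 8.1 the default flag is ENT_COMPAT, which leaves single quotes unescaped; that matters if the message ever lands in a single-quoted attribute, which is not visible from here. I would write `htmlspecialchars($dbname, ENT_QUOTES, 'UTF-8')`, with the charset matched to the page's real encoding (UTF-8 is assumed here), and the same applies to the "dropped" line in the second hunk. The enclosing method starts outside the hunk, so where `$dbname` comes from and how `$msg1` is rendered cannot be confirmed.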
@@ -37,7 +37,7 @@ class proc {
                $dropdbs = array_keys($i_drop);
                foreach($dropdbs as $dbname) {
                        if ($User->delDB($dbname)) {
-                               $msg1[] = 'Database `'.$dbname.'` dropped.';
+                               $msg1[] = 'Database `'.htmlentities($dbname).'` dropped.';
                        } else {
                                $err1[] = mysql_error();
                        }
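Review bot: The failure branch still pushes `mysql_error()` into `$err1` unescaped, while the success message beside it now escapes the database name. MySQL's error text for a failed drop typically quotes the identifier back, so if `$err1` is printed as HTML the same way `$msg1` is (the rendering code is outside this diff), the name reaches the page through this path. Either escape here with `$err1[] = htmlspecialchars(mysql_error(), ENT_QUOTES, 'UTF-8');` or, preferably, escape both arrays once where they are output so that new messages cannot miss it. The loop and its method continue outside the hunk.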